Bitfinex Breach Claim Revealed as Hoax

  • The alleged hack on Bitfinex has been revealed to be a sales tactic
  • A ransomware group falsely claimed to have hacked Bitfinex and stolen masses of customer data
  • FSOCIETY was selling a hacking tool at the time of the ‘breach’

Rumors of a hack on the crypto exchange Bitfinex have been revealed to be nothing but a hoax by a ransomware group looking to sell a hacking tool. FSOCIETY claimed over the weekend that it had breached the exchange’s security measures and obtained sensitive data of Bitfinex and several other smaller entities. It was initially reported that 2.5TB worth of data and the details of 400,000 customers had been dumped online, but this soon proved not to be the case, and the episode was put down to an attempt by FSOCIETY to sell a hacking tool.

Skepticism Soon Mounts

The ‘hack’ allegedly took place in late April but only came to light over the weekend. The initial panic soon gave way to skepticism, as none of the entities FSOCIETY claimed to have hacked, including Bitfinex, acknowledged a significant data breach or the payment of a ransom.

Bitfinex CTO Paolo Ardoino soon issued a response on X, indicating that the news “seems fake”, noting that the alleged hackers had reportedly posted two links containing sample data with 22,500 records of emails and passwords.

However, Ardoino reported that Bitfinex does not store passwords or two-factor authentication secrets in plaintext and that, among the 22,500 emails, only 5,000 matched Bitfinex users. If the data had truly been from their database, Ardoino said, the company would have expected a 100% match rate.

Ardoino also pointed out that the hackers did not contact Bitfinex directly. Instead, they published their post on April 25th, allowing seven days for communication, but Bitfinex only learned of the claim on Friday 3rd. If the hackers had genuine information, he said, they would have reached out through the company’s bug bounty program, customer support tickets, emails, or social media, but no such requests were found.

Sales Tactic Suspected

As for where the data came from, Ardoino suspected that the hackers likely assembled the database from multiple crypto breaches, noting that many users reuse their email/password combinations across different platforms.
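The comparison Ardoino describes, checking a claimed sample against the exchange's own user table, can be sketched as below. This is an added example, not Bitfinex's code: the PBKDF2 storage scheme, the function names and every record are constructed assumptions, and the check for reused passwords goes one step beyond the match rate mentioned above.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor; the page does not say how Bitfinex hashes passwords

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the real (unknown) scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def triage_sample(sample, users):
    """Compare a claimed dump sample against our own user table.

    sample: iterable of (email, plaintext_password) pairs from the claim
    users:  dict of normalized email -> (salt, stored_hash)
    """
    leaked = {}
    for email, password in sample:
        leaked.setdefault(email.strip().lower(), password)  # dedupe on normalized email
    matched = sorted(e for e in leaked if e in users)
    # A leaked password that verifies against our hash means the user reused
    # it elsewhere: that account needs a forced reset even if we were not breached.
    reused = [e for e in matched
              if hmac.compare_digest(hash_password(leaked[e], users[e][0]), users[e][1])]
    rate = len(matched) / len(leaked) if leaked else 0.0
    return {"records": len(leaked), "matched": len(matched),
            "match_rate": rate, "reused": reused,
            # An export of our own table would match every record.
            "consistent_with_own_db": bool(leaked) and rate == 1.0}

def _user(password: str, salt: bytes):
    return salt, hash_password(password, salt)

# Constructed user table and constructed sample (2 of 9 emails match, the
# same ratio as the 5,000 of 22,500 reported on the page).
USERS = {
    "alice@example.com": _user("correct horse", b"salt-a"),
    "bob@example.com": _user("hunter2-reused", b"salt-b"),
    "carol@example.com": _user("unrelated", b"salt-c"),
}
SAMPLE = [("Alice@Example.com ", "old-forum-pw"), ("bob@example.com", "hunter2-reused")] + [
    (f"stranger{i}@example.net", f"pw{i}") for i in range(7)]

if __name__ == "__main__":
    print(triage_sample(SAMPLE, USERS))
```

A low match rate combined with a handful of verifying passwords is the pattern expected from a list assembled out of other breaches, and the `reused` accounts are the ones to reset first.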

A follow-up post confirmed the rationale for the stunt, including a quote from a security researcher:

“…it seems they [FSOCIETY] are selling the tool that supposedly was used to hack Bitfinex and Rutgers. So by creating a buzz about successfully hacking well-known companies / a university, it is an advertisement of how good their tool is and others should buy it so they can make millions of dollars by using it to exploit companies using this tool. So it seems you are the clickbait to give this tool credence so the sellers of this tool can scam other scammers.”

Bitfinex users will be relieved that there was no hack, but it should nevertheless act as a reminder not to reuse password and email combinations in case the real thing happens.